Skip to content

fix: hide course authoring content when enable_course_authoring is off#176

Open
bra-i-am wants to merge 8 commits into
openedx:masterfrom
eduNEXT:bc/fix-waffle-flag-related-ui
Open

fix: hide course authoring content when enable_course_authoring is off#176
bra-i-am wants to merge 8 commits into
openedx:masterfrom
eduNEXT:bc/fix-waffle-flag-related-ui

Conversation

@bra-i-am

@bra-i-am bra-i-am commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Closes openedx/openedx-authz#340
Closes openedx/openedx-authz#341

When authz.enable_course_authoring is off, the Admin Console was still displaying course-related content in filters, the Team Members table, the Audit User view, and the role assignment wizard. This PR makes all those surfaces aware of the flag state using the dedicated GET /api/authz/v1/waffle-flag-states/ endpoint introduced in openedx-authz#358.

How it works

The flag state is fetched from a dedicated endpoint that returns the global value plus every org and course that has an active override, split into on and off lists:

{
  "global": false,
  "org_overrides": { "on": ["Demo"], "off": [] },
  "course_overrides": { "on": [], "off": ["course-v1:testing+CT01+CT01-2024"] }
}

A new useCourseAuthoringFlag hook centralises all resolution logic and exposes three resolvers:

  • isCourseAuthoringEnabled — true if the flag is on at any tier (global, org, or course). Used as a coarse domain-level gate for the role filter and assignment wizard.
  • isCourseEnabled(courseId) — resolves enablement for a specific course using the precedence course override → org override → global. Used to filter individual courses out of the scope filter and wizard scope list.
  • isOrgAuthoringEnabled(org) — true if the org is explicitly enabled, has at least one course with an explicit on override, or inherits a global on without an explicit org off. Used to filter the org filter for course-only users.

Flag-state resolution is intentionally separate from permission validation (useViewTeamPermissions), because Casbin state can lag behind the flag when automatic migration is disabled or when the global flag changes. See ADR 0003 for the full rationale.

Main changes

  • data/api.ts — adds getCourseAuthoringFlagStates and the CourseAuthoringFlagStates / WaffleFlagOverrides interfaces.
  • data/hooks.ts — adds useCourseAuthoringFlagStates
  • hooks/useCourseAuthoringFlag.ts — derives isCourseAuthoringEnabled, isCourseEnabled, isOrgAuthoringEnabled, isLoading, and isError from the flag states query. Surfaces a single error toast with retry on fetch failure.
  • RolesFilter — course roles require both isCourseViewAllowed and isCourseAuthoringEnabled.
  • ScopesFilter — filters each course individually with isCourseEnabled(scope.externalKey); libraries are always included.
  • OrgFilter — filters orgs with isOrgAuthoringEnabled for course-only users; users with library access always see all orgs.
  • AssignRoleWizardPage — course roles gated by isCourseAuthoringEnabled (the flag) independently of management permissions.
  • useScopeListData — filters the wizard's scope list client-side with isCourseEnabled
  • ScopeList — empty state only shown once all pages have loaded, since client-side filtering can empty pages while later pages still contain visible scopes.
  • docs/decisions/0003-course-authoring-flag-enforcement.rst — ADR documenting the enforcement approach, its temporary nature, rejected alternatives, and future removal criteria.

Test plan

Setup: you need an instance with the authz.enable_course_authoring flag and at least one org or course override configured. The filter, scope, and wizard tests do not require migration — they read the flag state directly. The assignment list tests (TeamMembersTable, AuditUser) require migration to have run, either by enabling ENABLE_AUTOMATIC_AUTHZ_COURSE_AUTHORING_MIGRATION = True for org/course-level changes, or by running authz_rollback_course_authoring manually for global flag changes.

Scenario Expected behaviour
Flag OFF globally, no overrides Role filter hides course groups; scope filter hides all courses; org filter hides all orgs for course-only users; wizard has no course roles
Flag OFF globally, org A forced ON Courses in org A appear in scope/org filters and wizard; all other orgs/courses hidden
Flag ON globally, course X forced OFF Course X hidden in scope filter and wizard scope list; all other courses visible
Flag ON globally, org B forced OFF Org B and its courses hidden for course-only users
User has only library roles Libraries appear in all filters regardless of flag state
User has both library and course roles, flag OFF Library content visible everywhere; course content hidden
waffle-flag-states endpoint unreachable Error toast appears with retry button; all course content hidden
Loading state (slow network) Course content hidden until flag state resolves; library content unaffected

@openedx-webhooks openedx-webhooks added the open-source-contribution PR author is not from Axim or 2U label Jul 2, 2026
@openedx-webhooks

openedx-webhooks commented Jul 2, 2026

Copy link
Copy Markdown

Thanks for the pull request, @bra-i-am!

This repository is currently maintained by @openedx/committers-frontend.

Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review.

🔘 Get product approval

If you haven't already, check this list to see if your contribution needs to go through the product review process.

  • If it does, you'll need to submit a product proposal for your contribution, and have it reviewed by the Product Working Group.
    • This process (including the steps you'll need to take) is documented here.
  • If it doesn't, simply proceed with the next step.
🔘 Provide context

To help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:

  • Dependencies

    This PR must be merged before / after / at the same time as ...

  • Blockers

    This PR is waiting for OEP-1234 to be accepted.

  • Timeline information

    This PR must be merged by XX date because ...

  • Partner information

    This is for a course on edx.org.

  • Supporting documentation
  • Relevant Open edX discussion forum threads
🔘 Get a green build

If one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green.

Details
Where can I find more information?

If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:

When can I expect my changes to be merged?

Our goal is to get community contributions seen and reviewed as efficiently as possible.

However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:

  • The size and impact of the changes that it introduces
  • The need for product review
  • Maintenance status of the parent repository

💡 As a result it may take up to several weeks or months to complete a review and merge your PR.

@github-project-automation github-project-automation Bot moved this to Needs Triage in Contributions Jul 2, 2026
@bra-i-am
bra-i-am force-pushed the bc/fix-waffle-flag-related-ui branch from 9c86539 to 84b092e Compare July 2, 2026 15:27
@bra-i-am
bra-i-am requested review from MaferMazu and dcoa July 2, 2026 15:31
@codecov

codecov Bot commented Jul 2, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 99.27007% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 97.64%. Comparing base (da6f99a) to head (ddfbb53).
⚠️ Report is 2 commits behind head on master.

Files with missing lines Patch % Lines
src/authz-module/audit-user/index.tsx 85.71% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master     #176      +/-   ##
==========================================
+ Coverage   97.48%   97.64%   +0.15%     
==========================================
  Files          66       68       +2     
  Lines        1552     1655     +103     
  Branches      400      436      +36     
==========================================
+ Hits         1513     1616     +103     
  Misses         39       39              

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@bra-i-am
bra-i-am force-pushed the bc/fix-waffle-flag-related-ui branch 2 times, most recently from e268688 to 9e97e1e Compare July 2, 2026 19:45

@dcoa dcoa left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just some small changes

Comment thread src/authz-module/team-members/TeamMembersTable.test.tsx Outdated
Comment thread src/authz-module/hooks/useViewTeamPermissions.ts Outdated
Comment thread src/authz-module/team-members/TeamMembersTable.tsx Outdated
@bra-i-am
bra-i-am force-pushed the bc/fix-waffle-flag-related-ui branch from 93a14f8 to b049a37 Compare July 3, 2026 18:45
@bra-i-am
bra-i-am marked this pull request as ready for review July 3, 2026 18:52
@bra-i-am
bra-i-am requested a review from dcoa July 3, 2026 18:52
@rodmgwgu

rodmgwgu commented Jul 3, 2026

Copy link
Copy Markdown

@bra-i-am does this change depend on new changes in openedx-authz? I tried to run it on my env which was built from main a couple of days ago and I see the following errors on the browser inspector when loading the admin-console form this branch:

Request: POST http://local.openedx.io:8000/api/authz/v1/permissions/validate/me

Payload: [{"action":"content_libraries.manage_library_team"},{"action":"courses.manage_course_team"}]

Response: [{"scope":["This field is required."]},{"scope":["This field is required."]}]

@dcoa

dcoa commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

does this change depend on new changes in openedx-authz?

@rodmgwgu yes, it depends on release 1.20.0 https://github.com/openedx/openedx-authz/releases/tag/v1.20.0

@dcoa

dcoa commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

@MaferMazu @BryanttV I have a question about the expected behavior. Specifically, is it okay to run the migrations when the flag is turned off?

I just want to make sure I understand all the requirements before reviewing.

I was able to see the assignment table filtered, (although not the filter options when using the admin role) by enabling ENABLE_AUTOMATIC_AUTHZ_COURSE_AUTHORING_MIGRATION and testing the organization-level override.

image image

However, I don't see the same behavior at the platform level. Am I missing a step, or is there something else that needs to be configured?

@mphilbrick211 mphilbrick211 moved this from Needs Triage to In Eng Review in Contributions Jul 6, 2026
@MaferMazu

Copy link
Copy Markdown
Contributor

@dcoa, in my understanding, this solution works because there is no assignment of new authorization course authoring roles (thanks to the migration), so you won't be able to see the information. Is that so, @bra-i-am?

If so, I am a bit worried about it, because based on the comments in the issue, the criteria are not related to having a role; they are more related to the waffle flag.

same fix as #341 : we show Authoring UI if ANY Authoring related Waffle flag is ON. We hide it if ALL of them ar OFF.

That's a quote from openedx/openedx-authz#340 (comment)

It makes me think because you can definitely have the migration enabled, but if not, based on Guille's comment, you shouldn't be able to see anything related to new course authoring roles if the waffle flag is off.

For example, having the waffle flag active, assigning user Y as the course admin for course X, and then deactivating the waffle flag. - That user Y shouldn't be able to assign more users to the new authorization course authoring roles. <- This should be true regardless of whether migration conf is enabled.

I tested exactly that: I enabled the waffle flag globally, assigned another user as the course admin for a course, and then deactivated the waffle flag... and that "another user" is still able to assign course authoring roles. <- and this shouldn't be possible.

I remember a conversation where the proposal to solve this was to create a REST API in AuthZ that retrieves information about available domains (also taking into account the waffle flag). Also, we considered solving #172 with that approach, but since it was resolved directly with front, I wonder if we can do something similar here, or if we would need the rest api to have the proper info from the back because the waffle flag info is trickier.

@dcoa

dcoa commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

thanks @MaferMazu for the extra context

Mi opinion here:

If so, I am a bit worried about it, because based on the comments in the issue, the criteria are not related to having a role; they are more related to the waffle flag.

The implementation in this PR is not bad understanding the automated migration run, and how it impact the backend. However is not enough covering all the test cases, based on what we are discussing.

Platform Flag Org Override Course Override Effective Authoring State User Has Permission? Show Authoring Roles?
Off None None Off No
Off None None Off Yes
On None None On No
On None None On Yes
Off Force On None On No
Off Force On None On Yes
On Force On None On No
On Force On None On Yes
Off Force Off None Off No
Off Force Off None Off Yes
On Force Off None Off No
On Force Off None Off Yes
Off None Force On On No
Off None Force On On Yes
On None Force On On No
On None Force On On Yes
Off None Force Off Off No
Off None Force Off Off Yes
On None Force Off Off No
On None Force Off Off Yes
Platform Flag Org Override Course Override Effective State Reason
On Force Off Force On On Course override has highest priority
On Force On Force Off Off Course override has highest priority
Off Force On Force Off Off Course override disables it
Off Force Off Force On On Course override enables it
On Force Off None Off Organization disables platform default
Off Force On None On Organization enables platform default

I remember a conversation where the proposal to solve this was to create a REST API in AuthZ that retrieves information about available domains (also taking into account the waffle flag). Also, we considered solving #172 with that approach, but since it was resolved directly with front, I wonder if we can do something similar here, or if we would need the rest api to have the proper info from the back because the waffle flag info is trickier.

The other issue was a smaller scope that is why we can solved it, even though we still needed backend implementation.

The issue here is more complicated and I think need a solution at the backend side first, the reason is there is no platform standalone endpoint that we can use from the frontend to validate waffle_flags and cover all the test cases, for example there is /api/toggles/v0/state/ but it needs Django staff role and there is not filters to help return only the required data. (An endpoint like this could be useful in the MFE evolution, I imagine other modules evaluating other flags, but that is another discussion)

The platform has /api/contentstore/v1/course_waffle_flags it returns the platform level flags if I don't specify a course, but we can not distinguish between course level and org level, and we would then need to validate one by one of the scopes.

assignments endpoint already validates and return only library roles if the flag is off , we can add a endpoint for roles that do the same but beyond that, same should happen with scopes and organization endpoints.

Scopes should be filtered properly, with that we can validate al front and there is not course_key then hide the course roles. (At the moment I did my test with superuser, the endpoint was returning the course for the organization and the course that has the flag off, even when ENABLE_AUTOMATIC_AUTHZ_COURSE_AUTHORING_MIGRATION setting is on)

Or even the validate/me me endpoint could check the flags before returning is_allowed?
Let me know what do you think :)

@MaferMazu

Copy link
Copy Markdown
Contributor

@dcoa I agree.
We can prioritize modifying the validate/me endpoint, then the scope, and then the roles. So those endpoints should return information that takes into account the waffle flag.

@mariajgrimaldi

Copy link
Copy Markdown
Member

This PR was meant to partially solve 340 & 341 by supporting the proposal made here #176 (comment) for the Verawood release - returning False for scopes based on the waffle flag state. But the approach still needs to address other dimensions, such as the performance and correctness of the entire framework, especially since these issues are release blockers and the modified endpoints are critical to the system's functionality. Internally (thanks @dcoa!), we discussed the best solution moving forward, given that we shouldn't introduce big changes that put the framework's correctness at risk, and went ahead with #358 (thanks @MaferMazu!) and supporting filtering via the admin-console MFE. This will definitely introduce complexity to the MFE logic, which will be addressed in the next release cycle.

@mariajgrimaldi mariajgrimaldi left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you so much for this! I'm currently rebuilding my environment to thoroughly test this, but in the meantime I left a few clarifying questions :)

// Libraries span orgs and are always enabled, so they must keep their behavior: only
// filter orgs by the course-authoring flag for course-only users, and never while
// permissions or flag states are still loading (default to showing every org).
const filterByAuthoringFlag = !isLoading && !isFlagLoading && !isLibraryViewAllowed;

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this work when a user has both library & course roles?

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm testing and it works!

value: org.shortName,
})) || [], [orgsData]);

// Libraries span orgs and are always enabled, so they must keep their behavior: only

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Libraries span orgs and...?

const orgOff = new Set(flagStates?.orgOverrides.off ?? []);
const global = flagStates?.global ?? false;

const courseEnabled = (courseId: string): boolean => {

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about courseFlagOverrideEnabled?


const orgsWithForcedOnCourse = new Set([...courseOn].map(orgOf));

const orgAuthoringEnabled = (org: string): boolean => {

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about orgFlagOverrideEnabled?

Comment on lines +86 to +88
{/* Loaded pages can be entirely filtered out client-side while later pages
still hold visible scopes, so only report empty once every page is in. */}
{orderedOrgs.length === 0 && !hasNextPage && !isFetchingNextPage && (

@mariajgrimaldi mariajgrimaldi Jul 16, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this affect the search? I mean, if I search for an org or course it's not on (forced off or globally off), would it appear in the results because it's on another page?

This comment only makes sense when this is true: https://github.com/openedx/frontend-app-admin-console/pull/176/changes#r3595738419

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you search for an org or course that is not ON, it won't appear because of this line

const courseOff = new Set(flagStates?.courseOverrides.off ?? []);
const orgOn = new Set(flagStates?.orgOverrides.on ?? []);
const orgOff = new Set(flagStates?.orgOverrides.off ?? []);
const global = flagStates?.global ?? false;

@mariajgrimaldi mariajgrimaldi Jul 16, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did we also filter the role assignments list based on the flag as well? Does it make sense to implement it? I thought we were going to but it's not clear from the cover letter if that's our intent.

Image

Although the scope course-v1:Demo+DM+2026 doesn't appear in the filters or in the assignment wizard, it does in the assignment list, suggesting it might be on. One relevant point is that I can delete the assignment from the assignment list within the disabled scope, which is what we're trying to avoid: actions on disabled scopes.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mariajgrimaldi I tried implementing client-side filtering on the assignment list, but it only introduces UX problems that are tricky to resolve cleanly: the table is server-driven and paginated, so filtering rows after they arrive from the API breaks the item count ("Showing 8 of 8" when only 6 are visible) and produces phantom pages (e.g. showing 2 pages when everything fits in 1, because the items all get filtered out client-side).

This is actually the reason ADR 0003 explicitly decided against it:

The assignment lists are server-driven and paginated. Client-side filtering would invalidate pagination, counts, and sorting. The backend therefore remains responsible for hiding authoring-only assignments.

The intent is that Casbin migration (ADR 0013 in openedx-authz) keeps the assignment data aligned with the flag. Once migration runs, disabled-scope assignments won't be returned by the API at all, so the list stays clean without any frontend workaround.

That said, your concern about actions on disabled scopes is valid, so I've disabled the view action button for course assignments where isCourseEnabled(scope) returns false. This prevents navigating into a disabled scope to delete the assignment

The scenario you observed where the scope appears is still the known migration-lag window acknowledged in the ADR. The disabled button is the temporary guard I think we can apply without breaking the table UX, what do you say?

image

@dcoa dcoa Jul 17, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To avoid the behavior described by Brayan and keep everything consistent the solution is to convert the tables to client-side, that is a bigger refactor. Furthermore I do not recommend.

I think that is a good solution @bra-i-am, ideally for both tables (global assignments and user specific assignments, we still can do deep navigation) and may be add a tooltip explained that assignment/actions over the course is disabled.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this makes sense. Considering we're not targeting changes in the backend, this works well!

@mariajgrimaldi

Copy link
Copy Markdown
Member

@bra-i-am: Do you think we can add test cases for each row in this table? #176 (comment)

@bra-i-am

bra-i-am commented Jul 16, 2026

Copy link
Copy Markdown
Contributor Author

@mariajgrimaldi @dcoa @MaferMazu, I've been testing this using the table shared by Diana, and this is what I've found:

Platform flag [ CHECK ✅ ]

Platform Flag Org Override Course Override Effective Authoring State User Has Permission? Show Authoring Roles? Evidence Note
Off None None Off No image Display library roles and scopes only. Table is filtered to show only libraries
Off None None Off Yes image Display library roles and scopes only; the table displays the courses where the user has Casbin permissions
On None None On No image Display library roles and scopes only
On None None On Yes image Display all courses and libraries roles and scopes

ORG Override [ CHECK ✅ ]
TestOrg is the one that will be overridden to test:

Platform Flag Org Override Course Override Effective Authoring State User Has Permission? Show Authoring Roles? Evidence Note
Off Force On None On No image admin: can select in wizard only org courses with Force on Regular user: sees only library roles and scopes
Off Force On None On Yes image image admin: can select in wizard only org courses with Force on. Regular user: can see scope and roles from the overridden orgs; the rows in the table are not filtered
On Force On None On No image Display library roles and scopes only. Table is filtered to show only libraries
On Force On None On Yes image Display all courses and libraries roles and scopes
Off Force Off None Off No image Display library roles and scopes only
Off Force Off None Off Yes image Displays only library roles and scopes despite the user having permissions in non-forced-off courses. The rows in the table are not filtered
On Force Off None Off No image Display library roles and scopes only
On Force Off None Off Yes image Users can see the course roles and ONLY the ON scopes. The rows in the table are not filtered

Course Override [ CHECK ✅ ]

Platform Flag Org Override Course Override Effective Authoring State User Has Permission? Show Authoring Roles? Evidence Note
Off None Force On On No image Display library roles and scopes only
Off None Force On On Yes image image Admin: can have access only to the Force ON courses. Regular user: can see all roles and ONLY the scopes with Force ON despite having permissions in more courses
On None Force On On No image Display library roles and scopes only
On None Force On On Yes image Can see all the roles and scopes
Off None Force Off Off No image Display library roles and scopes only
Off None Force Off Off Yes image Display library roles and scopes only. The rows in the table are not filtered
On None Force Off Off No image Display library roles and scopes only
On None Force Off Off Yes image User only has access to the courses that don't have force OFF. The rows in the table are not filtered

Override Priority (Cascade)

Platform Flag Org Override Course Override Effective State Reason Evidence Note
On Force Off Force On On Course override has highest priority image It is only shown the course overridden with Force ON
On Force On Force Off Off Course override has highest priority image It is hidden the course overridden with Force OFF
On Force Off None Off Org Force Off overrides platform image
Off Force On Force Off Off Course override disables Org override, which overrides platform override image The image shows course roles because the org override is ON, but is not showing course scopes because the only course in that ON org is the one that is being Forced OFF
Off Force Off Force On On Course override enables the course image Course Force ON has priority over platform/org override; that's why the course is shown
Off Force On None On Organization enables platform default image Org override shows the courses of the Force ON org

Test Conclusions

What works correctly

  • Scope filter — per-course resolution (isCourseEnabled) is accurate in all tested scenarios. Force On shows only the enabled course; Force Off hides it while keeping other courses visible.
  • Org filter — filters orgs correctly based on override state. Course-only users don't see disabled orgs.
  • Role filter + wizard — correctly hides course roles and scopes when the flag is off at every tier (Platform=Off with no Force On anywhere).
  • Force On override at any tier — restores course content correctly for users with permission, both in the wizard and filters.
  • Platform=On + Org/Course Force Off — the roles filter correctly shows course roles because authoring is still enabled globally. The scope filter correctly hides the forced-off org's or course's scopes. The two gates work together: the domain gate answers "is authoring enabled anywhere?" (yes, Platform=On), and the per-scope gate answers "is this specific scope enabled?" (no, Force Off).
  • Override priority cascade — course override always wins over org override, which always wins over platform default. Confirmed in all four cascade combinations.

Confirmed known limitations

Assignment list is not filtered — in every scenario, the table shows Casbin rows regardless of the flag state. This is the documented limitation in ADR 0003 (Decision 4 + Implications section). Fixing it requires the backend to filter /assignments/ by flag state, which is out of scope for this PR.


Overall, the behavior matches expectations across all tested scenarios. The only known limitation (assignment list not filtered by flag state) is documented in ADR 0003 and intentionally out of scope for this PR

@bra-i-am
bra-i-am force-pushed the bc/fix-waffle-flag-related-ui branch from 06db9fe to b3c5f7c Compare July 16, 2026 22:47
@bra-i-am
bra-i-am force-pushed the bc/fix-waffle-flag-related-ui branch from b3c5f7c to 843486d Compare July 16, 2026 22:50
@mariajgrimaldi mariajgrimaldi added the create-sandbox open-craft-grove should create a sandbox environment from this PR label Jul 17, 2026
@mariajgrimaldi

Copy link
Copy Markdown
Member

@bra-i-am: thanks a lot for all the testing! I don't want to block this further but I wonder whether we can implement all the manual testing using jest. In any case, this looks great to me! Thanks a lot for addressing all of my comments :)

@mariajgrimaldi mariajgrimaldi added create-sandbox open-craft-grove should create a sandbox environment from this PR and removed create-sandbox open-craft-grove should create a sandbox environment from this PR labels Jul 17, 2026
@bra-i-am

Copy link
Copy Markdown
Contributor Author

@mariajgrimaldi, I added Jest coverage for those manual cases:

  • Added a describe block inside useCourseAuthoringFlag.test.tsx covering every row of the truth table: platform flag on/off, org Force On/Off, course Force On/Off, and the cascade combinations
  • Updated ScopesFilter.test.tsx where isCourseEnabled returns different values for different courses, asserting that the dropdown displays only the enabled

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

create-sandbox open-craft-grove should create a sandbox environment from this PR open-source-contribution PR author is not from Axim or 2U

Projects

Status: In Eng Review

7 participants